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QUANTUM ALGORITHM UNCERTAINTY PRINCIPLES 



O , Ken Loo 

O . 
(N ■ 

J_j ' Abstract. Previously, Bennet and Feynman asked if Heisenberg's uncertainty principle puts 

I a limitation on a quantum computer (Quantum Mechanical Computers, Richard P. Feynman, 

i Foundations of Physics, Vol. 16, No. 6, p597-531, 1986). Feynman's answer was negative. In 

this paper, we will revisit the same question for the discrete time Fourier transform uncertainty 
0^ ' principle. We will show that the discrete time Fourier transform uncertainty principle plays a 

fundamental role in showing that Shor's type of quantum algorithms has efficient running time 

■ and conclude that the discrete time uncertainty principle is an aid in our current formulation 
^ and understanding of Shor's type of quantum algorithms. It turns out that for these algorithms, 

' the probability of measuring an element in some set T (at the end of the algorithm) can be 

written in terms of the time-limiting and band-limiting operators from finite Fourier analysis. 
C ~ ) ■ Associated with these operators is the finite Fourier transform uncertainty principle. The 

uncertainty principle provides a lower bound for the above probability. We will derive lower 
T~H ' bounds for these types of probabilities in general. We will call these lower bounds quantum 

£Nj , algorithm uncertainty principles or QAUP. QAUP are important because they give us some 

sense of the probability of measuring something desirable. We will use these lower bounds to 

■ derive Shor's factoring and discrete log algorithms. 

43 : 

-f— > ' 

a ■ 

0. Introduction. Feynman and Bennet (see [2]) previously asked if Heisenberg's uncer- 
tainty principle puts a limitation on quantum computers. Feynman's answer was negative. 
£> . Given that the quantum Fourier transform is at the core of Shor's type of quantum algo- 

k^j ' rithms, it is natural to ask if the finite Fourier transform uncertainty principle puts limita- 

tions on quantum algorithms and quantum computers. In this paper, we will show that the 
discrete time Fourier transform uncertainty principle is an aid for Shor's type of quantum 
algorithms. 

It is well known that the uncertainty principle is a property of Fourier analysis. Basically, 
the uncertainty principle says that a nonzero function / and its Fourier transform / can 
not be both highly localized or concentrated. In applications, the most famous uncertainty 
principle is Heisenberg's uncertainty principle. There are also less well known finite Fourier 
transform uncertainty principles that are used in signals analysis (see [1] and [6]). We will 
use ideas from the latter uncertainty principles to derive lower bounds for the probability 
of measuring an element in some set T in a certain class of quantum algorithms. 

We will consider quantum algorithms of the following type. Start with two registers both 
set to 0. Apply the quantum Fourier transform (over p) to the first register. Compute from 
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the first register the function g (j) and store its value in the second register: 

p— 1 1 p— 1 



(0.1) 



VP j=0 VP j=0 



We then measure the second register and see the value b. Next, zero- pad the p dimensional 
quantum state up to a q dimensional quantum state for q > p and then apply the quantum 
Fourier transform (over q) to the first register. Using the notation 



(0.2) 



D 



= |cez p . 9 (c) = fe| 



in mathematical notation, the process is 

p-i 



(0.3) 



4=Ei^(i)> 



\B 



i 



exp 



where we have dropped the second register in the last expression in 0.3 since it no longer 
concerns us. Finally, we measure the first register and we would like to know the proba- 
bility of measuring an clement in some set T in this last measurement. Let us denote this 
probability by prob (T,p, q). In particular, 



cS-B 

2iirck\ 




(0.4) 



prob (T,p, q) 



1 



q\B\ 



E 



( 2i-Kck\ 



exp \— j 

ceB \ <t / 



In general, the expression in 0.4 is hard to compute in closed form. Techniques have 
been developed to derive lower bounds for 0.4 and the correctness of Shor's factoring and 
discrete log algorithm can be derived this way (see [3]). We now rewrite 0.4 in terms of the 
time-limiting and band-limiting operators. Let / = |0), then fj exp ^ -zinjc ^ - g q •£ j _/_ g 
and it is 1 if j = 0. Using this, 0.3 can be written as 



(0.5) 



1 eIe(eW- 2 - 



1*1 



I c£B \ j=0 



exp 



/ 2inck\ 
\ Q J 



\k). 



The expression in 0.5 is j^R%f where R%f is the band-limiting operator from finite 

Fourier transform analysis. In signals analysis language, the band-limiting operator Fourier 
transforms / into the frequency domain, zeros out the transformed signal outside of some 
band B and then attempts to reconstruct the original signal / with an inverse Fourier 
transform as given in 0.5. Also from signals analysis, for any signal /, the time-limiting 
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operator P^,f zeros out f outside of the set T. With the time and band-limiting operators, 
0.4 can be written as 



(0.6) prob(T,p,q) = -^-\\P}R%f\\l 



The goal of this paper is to derive lower bounds for 0.6. This is important since if the 
lower bound is of the form 

(0.7) prob(T,p,q)> 



poly (input size) ' 

then by repeating the experiment a polynomial number of times, we can measure something 
in T with high probability. We also know that the quantum Fourier transform can be 
implemented with a polynomial number of gates (see [4]). Hence, given 0.7, we can use a 
polynomial number of quantum gates to measure something in T with high probability. It 
turns out that there is a finite Fourier transform uncertainty principle associated with the 
right-hand-side of 0.6. It is given by 

(0-8) (1 - e - „) ||/|| 2 < \\P q T R%f\\, < ||PMI|||/|| 2 , 

where e and r\ depends on /. At first glance, the uncertainty principle might be useful for 
quantum computing since it provides a lower bound for 0.6. Unfortunately, 0.8 is useless 
for quantum computing because for / = |0), e + 77 > 1. Nonetheless, the proof of the 
uncertainty principle in 0.8 was enlightening. It paved the way to deriving some general 
lower bounds for 0.6 and these lower bounds can be used to derive Shor's factoring and 
discrete log algorithm. We will call these lower bounds quantum algorithm uncertainty 
principles or QAUP for short. 

It is well known that factoring a positive integer N can be reduced to finding the period 
r of the function x a mod N for some x mod N. Shor (see [4] and [5]) showed us how to do 
this. Hallgren and Hales ([3]) abstracted the essentials from Shor's algorithm and derived 
quantum Fourier sampling theorems (QFST) to deal with the type of problems similar to 
the one in the last paragraph. Basically, when applied to quantum algorithms, QFST relate 

prob (T, p, p) to prob [T ,p,q) via equations of the type 



(0.9) prob (t ,p,q)> 1 - . . prob (T, p, p) . 

V / poly (input size) 

Here, q = poly (input size)p and T is nicely related to T (for the factoring problem, T 



LfJ 



jeT ). Thus, if 



(0.10) prob{T,p,p) > 1 , 

poly (input size) 

then 

(0.11) prob(r',p,t 



poly (input size) 
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This tells us that we can apply the quantum Fourier transform over some smooth q > p and 
we are in business to measure something in T . 

The proof of the uncertainty principle that we are interested in compares / to P^R q B f. 

The theorems derived in [3] compares prob (t ,p, q^j to prob (T,p,p). It turns out that the 

proof of the unccrtainity principle can be modified to compare prob (t , p, q^j to prob (T, p, p) 
also. Let us write 

(0.12) prob(T,p,p) = ^2prob(k,p,p) . 

kGT 

The type of lower bounds that we will derive is of the form 

(0.13) prob(r' ,p,qj >~^2 ( vVo& (k, p, p) - small (fc, . . . )) . 

q ker 

for q > p. Here, small (k, . . . ) is some small number that depends on all the variables 
involved, T and T do not have to be nicely related to each other as long as for all values of 
k, the expression that gets squared in 0.13 is positive. 

After deriving quantum algorithm uncertainty principles, we will apply them to the factor- 
ing and discrete log problems. For factoring, yjprob (k,p,p) — for all k and \T\ = $ (r), 

where $ (r) is the Euler phi function. After some computation, \Jprob (k,p,p) — factors 
out of the right-hand-side of 0.13 leaving 

(0.14) prob (t', P , q] > ?- (1 - small) 2 V- = ^(l- small? > 

' \ J q 7^r r q r 

- (1 — small) > - (1 — small) — - — -. 

q log log r q poly (log r) 

This tells us that it is OK to transform over some smooth q > p = rt. As in Shor's algorithm 
(see [4]), after measuring something in T , r can be recovered by using continued fractions. 
The discrete log problem is similar. 

It is natural to ask if quantum algorithm uncertainty principles have any physical signifi- 
cance other than as a tool for proving theorems. This is not an easy question to answer since 
we currently do not have the concepts of time and frequency domain in quantum computing. 
One might venture to ask if the power of quantum computing is somehow related to the 
uncertainty principle (Heisenberg or QAUP). If it were, it would certainly be a triumph for 
the uncertainty principle. We will leave these questions open for future research. We will 
end our introduction with a quote from [1]. "The uncertainty principle is widely known for 
its philosophical applications: in quantum mechanics, of course, it shows that a particle's 
position and momentum can not be determined simultaneously...; in signal processing it 
establishes limits on the extent to which the instantaneous frequency of a signal can be 
measured... However, it also has technical applications, for example in the theory of partial 
differential equations..." - D. Donoho and P. Stark 

1. Finite Fourier Transform Uncertainty Principles. We start by giving a review of 
the finite Fourier transform uncertainty principles. The notations in this section are taken 
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from [6] and they are slightly different from standard quantum computing notations. Let 
/ : Z g — ► C, then the Fourier transform of / is the function given by 

(1-1) /(») = E/(*)exp(=^). 

x=o \ y / 

The inverse Fourier transform of / is the function given by 
(1-2) /(s) = lg/( y )e*p(^Y 

y— 

Notice that the above discrete Fourier transform is not the same transform as the quantum 
Fourier transform given in equation 3.1, they differ by a minus sign in the phase of the 
transform and an overall normalization constant. We will use a hat to denote the discrete 
Fourier transform and FT p to denote the quantum Fourier transform over p. 
In vector or quantum computing notation, / is a vector given by 

(1-3) / = X>|j> 

3=0 



where fj = f (j). The Fourier and inverse Fourier transform are given by 



3=0 W=0 



and 



respectively. 

Definition 1.1. The support of f is defined to be 

(1.6) suppf = {x e Z q \f (x) ^ 0} . 

Theorem 1.1 Uncertainty Principle - version 1. Suppose f : Z ? — ► C and f is not the 

zero function, then \supp f\\supp f\>q. 

Proof. Sec [6] and references within. □ 

Definition 1.2. Let T C Z q , define S T ■ % q -» {0, 1} by 

^ ^ T ^ ^ { 0, otherwise. 



220 



Ken Loo 



Definition 1.3 Time and Band-limiting Operators. Let f : Z 9 — > C and B 7 T C Z g; 

f/ie time-limiting and band-limiting operators are defined by 

(1.8) [P«/](x)=/(x),5 T (x), 
and 

(1-9) [i?|/](x) =i^/( c) exp(^) 



respective/?/. 

The time-limiting operator zeros out / outside of T and the band-limiting operator at- 
tempts to reconstruct / from / by using only information within the set (band) B. In vector 
notation, the band-limiting operator is given by 



lixikc 



(-0) -fc/ - Ig {g {g A-p (^) } -p ^=f = I > l*>- 



From here on, we will assume that T ^ fl and B ^ since the empty set is not very 
interesting to us. 

The 2-norm of / : 7L q — > C is defined by 



a-") 11/112 = vu7> 



9-1 



\ x=0 



It follows from Parseval's equality that (/,/) = |(/,/) and 1.11 implies that II/H2 = 
I l/lb- Let F = {/ : Z q — ► C} and Q be a linear operator Q : F — > P. The operator norm 
of Q is defined by 

(1-12) ||0||=BUp{li^ 



Lemma 1.1. Let T,B C 7L q , then \\R q B \\ = 1,||P||| = 1, 
(1.13) ||f*i2||| = |l*l^ll<l- 

Proof. See [6]. □ 

Theorem 1.2 Uncertainty Principle - version 2. 



(1.14) vfflH<||^||< J™ 



Proo/. See [6] . □ 
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Definition 1.4. We say that f : Z q — ► C is e- concentrated on T C Z q if 
(1-15) ||/-£T/||2 = ||/-P£/||2<e||/|| 2 , 



and we say i/iai / is n-band-limited to B if there is a function : Z 9 ^ C such that 
supp{fs) C _B and 

(1-16) ||/-/ S ||2 = ^||/-/B||2<r ? ||/|| 2 . 

We now present the last finite Fourier transform uncertainty principle. This uncertainty 
principle is the one that we are interested in for applications to quantum algorithms. We 
will give a proof of this version of the uncertainty principle since it compares / to Pj,R q B f as 

mentioned earlier. We will modify this theorem to compare prob (t ,p, q^j to prob (T,p,p). 

Theorem 1.3 Uncertainty Principle - version 3. Suppose f : Z q — > C is nonzero and 
it is e- concentrated on T as well as rj -band-limited on B, then 

(1-17) (l-e-n)\\f\\ 2 <\\P«R%f\\ 2 , 
and 



(1.18) i_ e _„<||P W ||<^M. 
Proof (From [6]). We have 

(1.19) \\f\\2-\\P}R q B f\\2<\\f-P«R%f\\ 2 

<||/-P«/||2 + ||P^/-P^|/||2 

<e||/||2 + ||P!l|||/-i?!/||2 
<e||/||2 + ||/-i?!/||2, 

where we have used ||P^|| = 1 from lemma 1.1. Since / is ^-band-limited on B, it follows 
that 

(1-20) II/-P|/I|2 = ^=||/-P1/||2 

<^=||/-/B||2<r/||/||2. 

This gives 

(1-21) ll/l|2HI^M/l|2<e||/||2 + n||/|| 2 , 

and (1 -e-rf) \\f\\ 2 < \\P q R q B f\\ 2 follows. Finally (1-e-rj) < \\P%R q B \\ follows from 
\\P%R q B f\\ 2 < {\\P^R q B \\) ||/|| 2 , and \\P£R q B \\ < is horn uncertainty principle- 



version 2. □ 



Q 
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2. Uncertainty in Quantum Algorithms. We now show how uncertainty principle - 
version 3 can be applied to quantum algorithms. We will consider quantum algorithms of 
the following form. Prepare |0)|0). Apply the quantum Fourier transform (eqn. 3.1) to the 
prepared state 



p-i 



(2-1) |0)|0)-^^|j)|0). 



Next, compute 

( 2 - 2 ) -4Eli)|o)-4Eli)b(i)) 

^ P 3=0 ^ P 3=0 

and then measure the second register obtaining b = g(c). This will put the quantum 
computer into the state 



(2-3) ~mT,\ c )> 



B \ ceB 



where B = {c\c e Z p ,6 = g(c)} and the second register is suppressed. We then zero-pad 
the quantum state from a p-dimensional state to a g-dimcnsional state for some q > p and 
apply the quantum Fourier transform over 7h q to the first register. The quantum computer 
will be in the state 

.s 11 \ 2iirck\ .,. 

(2 - 4) 7m^U?r—r 

Finally we measure the first register and the probability of measuring an clement in some 
set T C TL q is of great interest. In particular, we would like this probability to be at least 
poiy(input size) s0 tnat tne experiment can be repeated a polynomial number of times in hope 
of measuring something in T with high probability. 

It turns out that the probability of measuring something in T can be written in terms of 
the time-limiting and band-limiting operators from section 1. Let / = |0), then 2.4 can be 
written as 



where the equality comes from 1.10. The probability of measuring something in the set T 
is just 

(2-6) ^\\P%H? B f\\l. 

At first glance, the uncertainty principle - version 3 might provide a useful lower bound 
for the probability of measuring something in T. It turns out that version 3 is totally useless 
for this purpose. If ^ T, f is 1-concentrated on T (e is at least 1) and the uncertainty 
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inequality is rendered useless. If e T, then e = and we take V ~ y q ^ (it is at least 

I B I 

that big). The probability of measuring in the first register is L-A, and the uncertainty 
principle tells us that the probability of measuring something in T — {0} is greater than 



The expression in 2.7 is negative! 

Nonetheless, the proof of theorem 1.3 is a good model for deriving useful lower bounds. In 
light of theorem 1.3, and the work of [3], it turns out that it is fruitful to derive uncertainty 
principles which relate \\P^, R q B f W2 to ||P^i?^/|| 2 for q > p. We will do just that. 

3. Motivations: Factoring, The Easy Case. In this section, we will review an easy 
case of Shor's factoring algorithm. Factoring an odd integer N can be reduced to finding the 
order (even) of a random integer x mod N, i.e. finding r such that x r = 1 mod N where r is 
divisible by 2. Suppose N has k distinct prime factors, i.e. N — pi 1 . . -p e k k , then algorithm 
is as follows: 

Step 1. Choose a random x mod N. Use the polynomial time Euclidean algorithm to 
compute gcd(x, N). If gcd(x, N) ^ 1, a factor of N is found so assume gcd(x, N) = 1. 

Step 2. Find the smallest r such that x r = 1 mod N. This is the "hard" part of the 
algorithm. 

Step 3. If r is odd, go back to step 1. The probability that r is odd is (|) . 

Step 4. Since r is even, (x? — l) (x% + l) = x r — 1 = mod TV. If (x5 + l) = mod N, 
go back to step 1. The probability that (xi + l) = mod TV is less than (|) 1 . 

Step 5. Since (a;5 + l) ^ mod N, (xi — l) and N must have a nontrivial common 
factor. Use the polynomial time Euclidean algorithm to find gcd(x^ — 1,N). Notice that 
gcd(x5 — 1, N) 7^ N otherwise x% = 1 mod N contradicting step 2 where r is the smallest 
such number with this property. 

The hard part of the above algorithm is in step 2, but Shor [4] and [5] showed us how to 
do that step with a polynomial number of quantum gates. His algorithm relies heavily on 
the quantum Fourier transform. The quantum Fourier transform is a unitary operator that 
takes the state \a) = X^j=o a j\j) to 



(3.1) FT » = 4=E 

y p c=o 



p-i 

^2 a J ex P {2nijc/p) 
3=0 



|c>, 



where p — 2 l (p can be a smooth integer). The quantum Fourier transform can be im- 
plemented with a polynomial number of quantum gates, see [4]. We will review Shor's 
algorithm for a simple (rather unrealistic) case. 

We start with |0)|0) and take the Fourier transform of the first register 

(3.2) |0)|0)^— 5>>|0>- 
Next, we perform the operation 

(3.3) ± ]T |c)|0) |c) \x c mod N). 

VP c=0 VP c=0 
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Here is where we make our unreasonable assumption. Assume that the period r exactly 
divides p and write p — rt. Now we measure the second register and see b = x a mod N, 
where a is the smallest positive integer that satisfies the equation. Notice that we have no 
knowledge of a. This puts our quantum computer into the state 

1 A 

(3-4) -7=— ^|.7*r + a>|fo> 

where A is the largest integer for which Ar + a < p. Since p = rt, A = f — 1- The above 
state can be rewritten as 



5-i 

r 



(3.5) 



\3*r + a), 

' 3=0 



where the state \b) has been dropped for notation convenience. Next, apply the quantum 
Fourier transform: 



5-i E_i 

■ t 1 p— l , — r 



FF 1 FF 

(3.6) J- J2 \j * r + a) - — £ . /- ]T cxp (2™(jr + a)c/p)|c) 
V p j=o VP c=0 V P 3=0 

P 

--i 

= — ^ exp {2-Kiacjp) exp (2-7rijrc/p)|c), 

Observing that 

L-^ [ -, if c is a multiple of - 

(3.7) 2^ exp (2mjrc/p) = < r r , 

j = o [ 0, otherwise 

cqn. 3.6 is just 

-. i — l i — l 

(3.8) 



1 1 

— = ^2 cx p ( 27ria j/ r )\jp/ r ) = —/= ^2 cxp ( 27ria j/ r )\j t )- 



^P 

Finally, with probability -, we measure the first register and see k = '■ — = jt where 



r 

< i < r — 1. Notice that the probability of measuring \k)\b) for any particular k and b is 

1/r 2 . This gives us — = — where k and p arc known. If j and r arc relatively prime, we 
p r 

can determine r. The number of j's that are relatively prime to r is $ (r). Since there are 
r number of different fc's and 6's, the total probability of observing \k — jt)\b) such that j 
is relatively prime to r is 

2 $ (r) 1 _ <f> (r) k k 



( 3 - 9 ) r 2 -T^Ia = -T 2 > 



log log r log n 
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This tells us that for the simple case, with high probability, we can find r with a polynomial 
(with respect to n — logr) number of quantum gates. In other words, let 



(3.10) 



T = {k = jt\ gcd(j,r) = 1,0 < j < r - 1} . 



Then we can measure something in T with probability at least the inverse of a polynomial 
in the size of the input. 

The above algorithm is not very useful in general. The reason for this is that we assumed 
p = rt and we do not know r (r is what we seek). We performed two quantum Fourier 
transforms over p. In generalizing this easy case to the general case, we must address these 
two Fourier transforms. 

4. Quantum Algorithm Uncertainty Principles (QAUP) - version 1. We now 

derive quantum algorithm uncertainty principles that relate \\P^,R q B f\\2 to H-Py-R^/I^ f° r 
q> p. 

Proposition 4.1. For all x £ R, | exp (ix) — 1| < \x\. 

Proof. The inequality is certainly true when 2 < \x\, so we will assume 2 > \x\. The 
expression | exp (ix) — 1| is the length of the vector (cosx, sin a;) — (1, 0) in M 2 . The smallest 
arc-length of the piece of the unit circle that starts at (0, 1) and ends at (cosx, sin a;) is l*|a:|. 
Since the shortest distance between two points in R 2 is a straight line, | exp (ix) — 1| < 
follows. 

Lemma 4.1. Let q > p, f = |0), T C Z p; and 



(4.1) 



k ez. 



' qk 

k = h£fe,KGi, no restrictions on 

P 



Let B be a set and B = a + B = {a + b\b G £> } . Suppose that for all fceT, 



(4.2) 



< 



27r|e* 



£1^ 



2tt(5. 



k,B P 



cG-B 



<r q 



<-J\P p k R B f\\2, 



where S k g depends on k and ^2 ce § \c\. Then for all k e T, 



(4.3) 



0<?ll«/l|2-^ 



< 



q 



ceB 



\\P g k ,R 



B/II2- 



Proof. The left most two inequalities in 4.3 comes from 4.2. Notice that the relationship 
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between B, B, 0.4, and 2.6 imply that 



(4.4) 



\P p k R p B f\\2 



1 



/ 2iirck\ 1 



/ 2inck\ 



H ex p 

c6S 



/ 2iirck 



^exp 

see 



/ 2iirck 



prob(k, P ,p) = ^\\pVRy\\i = m 



E( 2iirck\ 



P ro b (k',p, q ) = ±\\P* k ,R%f\\t = gexp 



which imply 
(4.5) 



fll«/ll2-H^i?|/l| 2 < 



- V exp 
q t-^L 

5GB 



( 2iirck\ 1 ^-^ / 2iirck 
- > exp 

n ^ ' 



\ p J q 



\ q 



E( 2iwck \ / 



zeB 



Uexpf^p)-! 



The expression on the right can be rewritten as 

(4.6) - 

q 

Using 

(4.7) | exp (ix) - 1| < \x\, 
4.6 can be bounded from above by 



(4-8) 



q ^ 

ceB 

2ir\e k \ 



exp 



/ 2iircek 



)- 



1 J 

2 ^k,B 



q ^ 

BGB 



2iircek 



ceB 



Finally 4.5, 4.6 and 4.8 imply 4.3 □ 

Theorem 4.1 QAUP - version 1. Under the conditions of lemma 4-1, 

\ 2 



(4.9) 



< - 

q 



V J VP npP RP 



\B\ 



2nS 



k,B 



qV\B\p 



<£[\\Pl# B f\\l 



Proof. Since 4.3 is greater than zero, we can square all terms in 4.3 and keep the inequalities 
and obtain 



(4.10) 



q \ VpW\ ( Vp iipPrP 



2tt5 



k.B 



< 
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(4.11) 



□ 



Corollary 4.1 QAUP - version l.a. Under the conditions of lemma 4.1, let 



(4.12) 



or 



(4.13) 
or 

(4.14) 

Suppose, 
(4.15) 

then 
(4.16) 



T =<k € 



T = {k ez t 



T = {k eZ t 



fc' = L-J,*erl, 

P ! 



fc' = Lyl,*erl, 



p 



cG-B 



27T(5f 



Proof. This is an application of |efe| < 1 in 4.2 to 4.9. □ 

Remark 4-1- Summing over all k € T and fc e T in 4.16, 4.9 or 4.3 gives inequalities of the 
form 0.13. 

5. Application to Factoring, QAUP - version 1. We will now show how corollary 4.1 
can be applied to factoring. Recall that for easy factoring, prob (k,p,p) = - for any k in 
3.10. 

Let T be as given in 3.10 and T be as given in 4.12. From section 3, we have B = 
{a, a + r, . . . , a + (t — 1) r} which implies \B\ — t and B = {0, r,2r,...,(t— 1) r}. Let us 
take p — rt> 2r 2 (i.e. t > 2r), q = sp = 2 l > p for some s such that 



(5.1) 



0<1-* 

s 



The sum J2seB c can ^ e evaluated in closed form, but it is more convenient to bound it 
from above by an integral and obtain 



(5.2) 



Y j c<r-=5 B . 
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With 5.2, 4.4, and our choice of p and q, 

2irS B 2tt rt 2 



(5.3) 
and 



s 2 r 2 t 2 2 



(5.4) -IIW/H2 = -J l -^-Vprob(k,p,p) = -J^-^= = -. 

q qvp s V rt Jr sr 



The expressions in 5.1, 5.3 and 5.4 imply that 4.2 is satisfied. 
We now proceed to evaluate 4.16 giving 



(5.5) 



1 I 1 



2tt 



rt z 



1 

sr 



prob (k ,p, q^j 



s IVr srtVtVrt 2 
Finally, we arrive at the desired result. From 4.16 and 5.5, we have 

,5,, X wl g >E l (l _^. (l _I)^, 

k'er' 1 1 ker 
and if s is reasonable, we obtain 



(5.7) 



prob(T',p,q) > ] -. 

V / poly(iogr) 



To complete this half of generalizing the two quantum Fourier tranforms over p, suppose 

' _ I qk I 



we measure k = \ Then 



(5.8) 

implies 

(5.9) 



k - 



qk 



< 1 



k_ 


jt 




k' j 


q 


rt 




q r 



1 1 1 

q 2sr 2 2r 2 



and we can use continued fraction to find r since gcd(j, r) = 1. 

5a. We now deal with the second quantum Fourier transform over p. The technique 
used here is from [3]. This generalization can be extracted to a more general uncertainty 
principle but we will not do it here because the notation is quite cumbersome. 

We assume we have an r such that 2r < r < 4r. This can be achieved by repeating the 
experiment and taking r =2 + 1,4+1,8 + 1,... Doing this will require the experiment 
to be repeated at most on the order of log TV number of times, which is polynomial. Let 
p = 2 l be such that 



(5.10) 



4r 2 < (V) 2 < p < 2 (r'Y < 32r 2 , 
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and p be such that 

(5.11) 4r 2 < p = rt < p < r (t + 1) < 33r 2 . 

The choice of p will allow continued fraction expansion to recover r and the choice of p will 
allow the quantum Fourier transform to be applied over a smooth number. Let 

(5.12) B = | j b = x 3 mod N, < j < p - 1 j , 

a = min{c G B} . 

Since p = rt < p < r (t + 1), either 

(5.13) B = {o,a + r,...,a+(t-l)r}, 



or 



(5.14) 



£? = {a, a + r, . . . , a + tr} . 



Instead of applying the quantum Fourier transform over p as in 3.2, we apply it over p and 
the algorithm becomes 



(5.15) 



1 1 9-1 

W\ £ li) -T^r E E CX P (2"VV«)|c>. 



With 5.15, the probability of measuring k is either 



(5.16) 



1 4-1 

profe ^fc ,p ,qj = — cxp [lixijrk /qj 
qt 3=0 



or 



1 * 

(5.17) prob(k' ,p ,g) = cxp ^2tt^j rk/qj 

depending on whether B is of the form 5.13 or 5.14, respectively. If we get 5.16, then nothing 
has changed by appling the quantum Fourier transform over p and the result will be the 
same as that of 5.6, i.e. 

(5.18) prob (^k ,p , qj = prob (^k ,p, qj > ^1 — — j — — . 

We now consider the case of 5.17. For notation convenience, let 

t-i 

(5.19) a = ^ exp {^ixijrk jqj , 

j=o 

b = exp I 2nitrk / q 
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Notice that 

(5.20) ^(l-3<vW\^) = ^, 
We will choose s so that 

(5.21) < 1 — — I 



a . 



1 



is satisfied as well as 5.1. With our notations we have 
(5.22) \a + b\ = \a 

1 - 















>l«l 


= \a\ 




a 




|a| 







1 



?P sJprob{k\p,q) 
The expressions in 5.20 and 5.21 tell us that 

T 1 



(5.23) 



1 - 



IP \Jprob (k' ,p, q) 
1 



> 1 



/ r 




qp 





> 



|a + b| > \a\ ( 1 - 



and this implies that 
(5.24) 

For the expression in 5.17, we have 
(5.25) 

prob(k' ,p ,qj = ^Jj~p[)\ a + b \ ^ 
t 



2t (s - tt) 



t 



(t + l) 

t 1 
(t + 1) sr 



profe (k',p,q^J ( 1 



(t + 1) 

2 



2t (s - tt) 



s 



1 



2i (s - 7T) 
s 



> 



(Notice that 5.25 is an opportunity for QAUP, but we will not pursue it here.) Since 
4r 2 < p = rt < 32r 2 , we have 4r < t < 32r. Using this to bound 5.25, we obtain 

2 



(5.26) 



prob(k,p\q)>^-(l-^) 2 i I 



33rs V s I \ 2t(s — tt) 
Finally, summing over all k' e T' (for either 5.16 or 5.17) yields 

33rs I 1 ~~ ~s) \ l ~ 277 

k'eT 



(5.27) prob(T',p',q)> £ (l - ^ (l 

fc' - ' 

4$(r) ( x _^ 2 ^ 



2i (s - tt) 



33rs 



2f (s - tt) 



1 



> 



poZy (logr) 



To recover r, we proceed as in 5.8 and 5.9. 
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6. Motivation: Discrete Log, The Easy Case. Mimicking section 3 of factoring, we 
study the easy case of the discrete log problem. Given x, g and p, the discrete log problem 
is to find the least r such that g r = x mod p. 

The quantum algorithm is as follows. Prepare the superposition 

p-2 p-2 

(6.i) ^tEEM'°>- 



Compute in the third register g a x 
( 6 - 2 ) - 



a=0 6=0 



p-2 p-2 



a=0 h=0 



Measure the third register y — g k = g a x 



..a—rb 



. The number of pairs (a, b) such that 



a — rb= k mod (p — 1) is p — 1 since there are p — 1 different values of b to choose from and 
that exhausts all the solution pairs. Let 



(6.3) B = | (a, 6) e Z p _i x Z p _ x 

then the state of the machine will be 
(6.4) 



a — rb = k mod (p — 1) > , 



(a,6)GB 

where the third register is suppressed. Now apply the quantum Fourier transform over Z p 
on the first two registers and obtain 

P-2 p-2 

(6.5) rEE E exp[27ri(ac+6d)/(P-l)]|c,d>- 

(P- I) 2 c=0d=0(a,b)eB 

Finally, measure the first and second register and obtain |c, d) with probability 

2 

1 



(6.6) 



(P - I) 2 a,b,a-rb=k 

Substituting a = k + rb mod (p — 1) gives 

p-2 

(6.7) 



^2 cxp{2ni(ac + bd) / (p - 1)] 



1 



(P- 1)- 6=0 

Notice that the sum is 
0, 



^2 ex P [ 2lTi ( kc + b(d + re)) I (p - l)\ 



(6.8) 



if d + rc ^ mod (p — 1) 

(p — 1) cxp 2nikc/ (p — 1), if = — rc. 

Hence, with probability 1/ (p — I) we will measure c mod (p — 1) and d = —rc. If c and 
p — 1 are relatively prime, we can find r. Thus, we are interested in the set 



(6.9) 



t= { M)eVi xZp-i 



a! = — rc mod (p — 1) , gcd (c,p — 1) = 1 



and the probability of measuring something in T is 



(6.10) 



g (P - 1) 
P-1 



> 



log logp 
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7. QAUP - version 2, Multi-Dimensional. Motivated by the discrete log problem, 
we will derive multi-dimensional quantum algorithm uncertainty principles. The quantum 
algorithms that we are interested in are of the following form. Start with n + 1 registers 
all set to 0: |0, 0, . . . ,0)|0). For each of the first n registers, apply the quantum Fourier 
transform over Z Pj _i and obtain 



(7.1) 

Next, compute 
(7.2) 



.7=1 V rJ oi,...,a n 



,a„>|0>. 



n 1 

II / . _ j X! \a k ,...,a k )\f(a k ,...,a k )), 



and then measure the n + 1 register. The computer will go into the state 



(7.3) 



^2 \ai,.-.,a n ), 



|ai,...,o„)eS 



where the n + 1 register is suppressed. Next, zero-pad — 1 up to <7j for gj > pj — 1 and 
then apply the quantum Fourier transform again and obtain 



(7.4) 



E II ex p 

(oi,...,o„)£B i=l 



\ m ) 



|6i, . . . ,6 n ). 



Finally, measure the rest of the registers and we would like to have some sense of the 
probability of measuring something in a particular set T. 

Let / = (g)" =1 |0), then the probability of measuring something in T is given by 



(7.5) 



1 ™ 



where and i?g are the multidimensional time and band-limiting operators respectively. 
Notice that for any k <G T, the probability of measuring k is given by 



(7.6) 



IRI I II ,/ 



E Il ex p 

(oi,...,o m )eB (=i 



2iriaiki 
Ql 



Lemma 7.1. Let qj > pj — 1, 1 < j < n, T C Z pi _i ® • • • ® Z Pn _i 



(7.7) T =1^' = (k' 1 ,...,k' n )e®] =1 Z qj 



(Pi - 1) 



ej,(fei,...,A„) £T , 
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and k G T which corresponds to k G T. Suppose 



(7.8) 

then 
(7.9) 



|a 1 ,...,a„)eB 



E 



qi 



<^<|llWlk 



o<f||P fe ^/|| 2 -^|^<||P^y|| 2 . 



^ll«/l|2-||P fe 9 ,^/||2< 



Proof. The proof is similar to that of lemma 4.1. 
(7.10) 

q 

1 v—v tt / 2-Kiaiki 

~q e n-p^^i 

y |ai,...,o n )eSi=l V ^ 

The right-hand-side of inequality 7.10 can be written as 



flexp 



/ 2-Kiaik, 



Ql 



(7.11) 



e ri ex p 

|oi,...,o n >£B u=i 



2iriaiki 
Pi-1 



n° x p 



Using 

(7.12) |exp(ia;) - 1| < |x|, 

7.11 is bounded from above by 



(7.13) 



|oi,...,o n >es 

9 



n cxp 



/ 2niaiei 
\ Ql 



< 



E 

|oi,...,o„>€S 



E 



< 



27T(5 fe ,_ 



The expressions in 7.10, 7.11, and 7.13 imply 

2tt(5, 



(7.14) 



|ll«/l| 2 - q 



<\\P« k ,R%f\\ 2 . □ 
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Theorem 7.1 QAUP - version 2. Under the conditions of lemma 7.1, 

2 

(7.15) 



o< £ ( -^iipp^/iL 



Proof. Similar to theorem 4.1. □ 

8. Application to Discrete Log, QAUP-version 2.. We will apply QAUP-version 2 
to the discrete log algorithm. Instead of applying the quantum Fourier transforms over p as 
given in 6.5, we will apply it over q = 2 l . This is natural since the dimension of the Hilbert 
space in qubit quantum computing is a power of two. We take n = 2, p\ — 1 = P2 — 1 =p—l, 
\B\ = p — 1 and 



(8.1) 



where 8.1 comes from 6.7 and 6.8. Let 



(8.2) 

where s satisfies 

(8.3) 

and let 

(8.4) 



qi=q 2 =q = 2 l = s(p-l)> (p-l) 



< 1 



3tt 



I , | (g) fc l | | (g) fc 2 , 

'' H L P -i J ' L P -i J 



(fci,fei)er 



where T is given by 6.9. With this choice of T and T , we have |ei|, | e2 1 < L To satisfy 7.9, 
we have 



(8.5) 



E 

\a ,a 1 )£B 



E 

2=0 



= - k + m<^- J2 a+b - 



a,b : a—rb=k 



a,b,a—rb=k 



Since a = (k + rb) mod (p — 1), a satisfies a < p — 1 and we can use it to bound the last 
sum as follows 



1.6) 



This gives 
(8.7) 



p-2 p-2 

a + b<J2p-l + b=(p-lf + J2 b < 

a,b,a—rb=k 6—0 b— 



27T(5fc,B 37rp 37r 
9 <?<Z s 3 (P - 1) ' 
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Further, 

(8-8) § \\rm\U = ^ ^7^ 11^/112 = 

1 Vp^T 1 1 



S 2 p — 1 y'p — 1 S 2 (p — 1) 

The expressions in 8.3, 8.7 and 8.8 imply that 7.8 is satisfied. 
We now proceed to evaluate 7.15. We have 



2tt 3 (p - l) 2 




2 



(8.9) 



Finally, summing over all k € T yields 

<-»» E,i|ii«>i!^(i-! 

k'er' 

and this tells us that if s is reasonable, then the probability of measuring an element in T 
is at least the inverse of a polynomial in log p. 

To finish the algorithm, we need to recover r. Since we know q and p — 1, we can check 
if our measurement on the first and second register is of the form 

for some (c, rf) (not necessarily in T). We can actually find c and d if it is of this form. 
If (c, rf) e T, we can recover r and the probability of this happening is at least inverse 
polynomial. 
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